Section 1: Security Overview

Question 1

What is Confidentiality?

Answer 1

Information has not been disclosed to unauthorized people (anything that mentions encryption has to do with confidentiality)

Question 2

What is Integrity?

Answer 2

Information has not been modified or altered without proper authorization (for example, a bank teller can’t change your bank balance wily nilly; hashing)

Question 3

What is availability?

Answer 3

Information is able to be stored, access, or protected at all times

Question 4

What are the three A’s

Answer 4

Authentication, Authorization and Accounting

Question 5

Authentication

Answer 5

When a person’s identity is established with proof and confirmed by a system (entering in email and password and granted access, for example)

Question 6

What are the five methods of authentication?

Answer 6

Something you know, something you are, something you have, something you do and somewhere you are

Question 7

What is authorization?

Answer 7

Occurs when a user is given access to a certain piece of data or certain areas of a building

Question 8

What is accounting?

Answer 8

Tracking of data, computer usage, and network resources (usually put in a log file)

Question 9

What is malware?

Answer 9

Short-hand term for malicious software (trojan horses, spyware, rootkits, adware, ransomware, etc.)

Question 10

Unauthorized Access

Answer 10

Occurs when access to computer resources and data happens without the consent of the owner (guessing a password, etc.)

Question 11

System Failure

Answer 11

When a computer crashes or system fails (BSOD, etc.)

Question 12

Social Engineering

Answer 12

Act of manipulating users into revealing confidential information (phishing, etc.)

Question 13

What are the three categories that can be used when mitigating threats?

Answer 13

Physical, technical, and administrative controls

Question 14

Physical Controls

Answer 14

Alarm systems, locks, surveillance cameras, id cards, closed circuit tv

Question 15

Technical Controls

Answer 15

Smart cards, encryption, access control lists, intrusion detection systems, and network authentication

Question 16

Administrative Controls

Answer 16

Policies, procedures, security awareness training, contingency planning, and disaster recovery plans

Question 17

What are the two categories we can further break down administrative controls?

Answer 17

Procedural controls and regulatory or legal controls

Question 18

What is the most cost effective security control you can utilize?

Answer 18

User training

Question 19

Administrative controls are also referred to as…

Answer 19

Managerial controls

Question 20

What are the five types of hackers?

Answer 20

White hats, red hats, blue hats, gray hats, and elite

Question 21

White Hat Hacker

Answer 21

Non-malicious hackers who attempt to break into a company’s systems at the company’s request

Question 22

Black Hat Hacker

Answer 22

Malicious hackers who break into computer systems and networks without authorization or permission

Question 23

Gray Hat Hacker

Answer 23

Hackers without any affiliation to a company that attempts to break into a company’s network and risks breaking the law

Question 24

Blue Hat Hacker

Answer 24

Hackers who attempt to hack into a network with permission of the company but are not employed by the company

Question 25

Elite Hackers

Answer 25

Hackers who find and exploit vulnerabilities before anyone else does (1 in 10,000 are elite)

Question 26

What are the five kinds of threat actors?

Answer 26

Script Kiddies, Hacktivists, advanced persistent threats

Question 27

Hacktivists

Answer 27

Hackers who are drive by a cause like social change, political agendas, or terrorism

Question 28

Organized Crime

Answer 28

Hackers who are part of a crime group that is well-funded and highly sophisticated

Question 29

Advanced Persistent Threats

Answer 29

Highly trained and funded groups of hackers (often by nation states) with covert and open-source intelligence at their disposal

Question 30

What factors can we use to weigh the value of the intelligence we receive?

Answer 30

Timeliness, relevancy, accuracy, and confidence level

Question 31

What does the MISP Project do?

Answer 31

Codifies the user of admiralty scale for grading data and estimative language

Question 32

Where can you get information from?

Answer 32

Proprietary (subscription fee), Closed-Source (derived from own research or mined like FireEye), Open-Source (available without subscription)

Question 33

What are Open-Source examples?

Answer 33

US-CERT, UK’s NCSC, ATT Security (OTX), MISP, VirusTotal, Spamhaus, SANS ISC Suspicious Domains

Question 34

What is implicit knowledge?

Answer 34

Can only get from experienced practitioners (from experience)

Question 35

What is Open Source Intelligence?

Answer 35

What people can find out from public records, websites and social media

Question 36

Threat Hunting

Answer 36

Looking for threats instead of waiting for an attack

Question 37

How do you do threat hunting?

Answer 37

Establish a hypothesis, profile threat actors and activities (create a scenario on how they’re going to do and what they might do)

Question 38

What are the benefits of threat hunting?

Answer 38

Improve detection capabilities, integrate intelligence, reduce attack surface, block attack vectors, identify critical assets

Question 39

What is the Lockheed Martin Kill Chain?

Answer 39

A model developed by Lockheed Martin that describes the stages by which a threat actor progresses a network intrusion

Question 40

What is the MITRE ATT&CK framework?

Answer 40

A knowledge base maintained by the MITRE Corporation for listing and explaining specific adversary tactics, techniques, and common knowledge or procedures (attack.mitre.org)

Question 41

Diamond Model of Intrusion Analysis

Answer 41

A framework for analyzing cybersecurity incidents and intrusions by exploring the relationships between four core features: adversary, capability, infrastructure, and victim